VoIP QOS config with Nortel 2

[keithja]

Hi,
I'm a QOS newbie and my L3 experience is pretty limited as well.

I am configuring a new network to be used with a new nortel PBX (as part of a move to a new building) and we will have a small number(30) of nortel I2002 and I2004 ip phones on it. The desks with the IP phones will have the PC's plugged directly into the phones.

The network we are building will have 3 Cisco3750 (12.2.20 SMI)at the backbone with 3560POE's as workgroup switches. The IP phones will be connecting to the 3560's: associated servers will connect to the 3750s. Total nodes including non-IP will be upwards of 400.

Nortels phones tag voice traffic as diff-serv expidite and leave packets from the data ports untagged. Nortel requests strict dequeuing be used.

I am confused about several issues in configuration of the 3750s and 3560s.

I plan on creating a separate VLAN for voice. Do I need to set up interVLAN routing between the voice vlan and the data vlan to accomodate the PC's?

If routing is required, then I assume I would need to set up multicast routing as well to support multicast applications on those PCs? And DHCP and DNS helpers as well?

Can I use autoQOS to implement the basic config and tweak it from there?

Does anyone have a sample configuration for a similar scenario they could post as a guide?

Thanks much for your help!

onthe-moov

 

[lambent]

You can really have a totally isolated VLAN for VoIP unless your voice system will have integration with your existing servers, such as voice email, applications for the VoIP phones...etc.

If your multicast application servers are not on the same subnets as PCs, then you may want to set up multicast routing like PIM sparse-dense mode.

And for DHCP servers, yes you'll need a IP helper address if the DHCP is not on the same subnet as PCs.

I don't think you'll need helper for DNS.

For AutoQoS, read this:

http://www.cisco.com/application/pdf/en/us/guest/tech/tk879/c1550/cdccont_0900aecd800a8561.pdf

 

[keithja]

Thanks for the information lambent. I will peruse the auto-qos pdf. The associated application servers are dual-homed. But with the user PC's plugged into the phones, won't the PC traffic be on the same VLAN as the voice traffic? Or is there a way to assign the PC traffic to a different VLAN?

thx again,
dazed&confused

 

[lambent]

switchport voice vlan {vlan-id | dot1p | none | untagged}

This is for assigning the voice vlan on your L2 ports on Cat3560.

Then for assigning data vlan, use the traditional command:

switchport access vlan {vlan-id | dynamic}

Both can co-exist on the same interface configuration.

 

[mjblake]

keithja,

Did you ever get a configuration that works. I have the same situation only I have 3560, 4500 and 6500 switches. looking for trunk and QoS interface configurations to connect i2004 IP phones.

mjblake

 

[lambent]

mjblake,

It all depends on how your IP phones do the VLAN tagging of the voice and data traffic.

If both voice and data traffic are tagged, then on the Cisco switch you need to set trunk and allow the voice and data VLAN IDs.

If voice is tagged while data is untagged, then it should be the same situation as keithja where you need "switchport voice vlan" and "switchport access vlan" commands and of course "switchport mode access".

 

[ADB100]

I did some lab work with the Nortel IP Phones recently and wrote a document on how to configure the various bits (Cisco 3560's with QoS & Voice VLAN's, DHCP Options to support the IP Phones etc). It isn't too complex but the information from Nortel is quite hard to find.

For the Cisco end you need to decide on your QoS model and whether you want to use Voice VLAN's. But without a deeper look into your network etc the following will enable a Voice VLAN on an access port.

interface fasetherent0/1
switchport mode access
switchport access vlan 10 (Data VLAN - untagged)
switchport voice vlan 100 (Voice VLAN - tagged)
!

Next you need to make sure both VLAN 10 and VLAN 100 can reach your DHCP Server(s). This can be achieved by physically having a DHCP Server on the VLAN or by enabling IP Helpers on your Layer-3 interfaces (bear in mind this needs to be enabled on your routers if your switches are only layer-2):

interface VLAN 10
description Data VLAN
ip address 10.1.1.1 255.255.255.0
ip helper-address 10.10.10.10 (DHCP Server)
!
interface VLAN 100
description Voice VLAN
ip address 10.10.1.1 255.255.255.0
ip helper-address 10.10.10.10 (DHCP Server)
!

A Nortel IP Phone at default is configured for auto everything, in this state it does this:

1. Boots and starts to 'talk' using no VLAN Tagging as it has no knowledge of it. It requests a n IP address via DHCP
2. The DHCP assigns an IP address to the IP Phone from the Data VLAN (10)
3. In the DHCP Scope for the the Data VLAN you must pass the VLAN information to the IP Phone. This is done using User Specified option 144 (string) in the format 'VLAN-A=id1,id2,id3.' Where idX is the VLAN Tag (list can be bigger or smaller but must end with a period). For example you use Voice VLAN 100 option 192 is set:
VLAN-A=100.
4. The phone releases the IP Address from the Data VLAN and attempts to talk using the first VLAN Tag, if this is unsucessful it then attempts the second etc until it receives an IP address. Be careful here as the timeout is LONG so you need to design your Data & Voice VLANs to follow each other (i.e. one Voice & one Data VLAN Per switch)
5. In the Voice VLAN scope you need to add a different option that allows the IP Phone to discover the Server IP Address(es) and Port numbers. This is done using User Specified option 128 (string) in the format 'Nortel=i2004-A,<S1 IP Address>:<S1 Port>,<S1 action>,<S1 Retry Count>;<S2 IPAddress>:<S2 Port:,<S2 Action>,<S2 Retry Count>.' Note it must end with a period. For example if your Server addresses are 10.2.2.2 and 10.2.2.3 using port 7000 an Action of 1 (this is the only applicable Action) and a retry count of 5 the option would look like:

Nortel-i2004-A,10.2.2.2.:7000,1,5;10.2.2.3:7000,1,5.


With regards to QoS the Nortel IP phones set an 802.1p Priority value of 6 for all packets (obviously only once they are using the VLAN Tag). They also set the IP DSCP Value to 40 for signalling and 46 for RTP Media packets. These values DO NOT fit in with Cisco's Auto-QoS so you really need to change the defaults or write a service policy to identify the various packets from the IP PHones and reset the DSCP Values for your QoS Model.


Good luck

Andy

 

[ADB100]

Sorry the line:

Nortel-i2004-A,10.2.2.2.:7000,1,5;10.2.2.3:7000,1,5.

Should read:

Nortel=i2004-A,10.2.2.2.:7000,1,5;10.2.2.3:7000,1,5.


Andy

 

[keithja]

THANKS ADB100! I was preparing to respond to MJBlake to let him know what I was planning on trying based on lambents info and info I read, and saw your post! It's very nice to have it layed out. Because we will only be using 30 or so IP phones initially, we're going to use Static IP assignments, this makes it easier to trace a particular phone IP to a definite location. If we expand, we will switch to DHCP. That is something MJBlake may wish to keep in mind and adjust his config according to the number of phones he expects to have in the near future, and how much value being able to identify the phone by the IP address has for him.

BTW, I have the ability to create packets at the hex level and generate them. Does anyone happen to have a VLAN-tagged / Diffserv-expidite tagged packet structure I could borrow?

 

[mjblake]

Thanks all. ADB100 - where did you find the DHCP options for the IP phones. I looked everywhere and found nada. I questioned our PBX rep about it (knowing Cisco uses the tftp option) and was told no options were necessary. I have already configured the access and voice vlans as well as the QoS policy but it didn't come up. Thanks again everyone.

- Mjblake

 

[ADB100]

I spent ages searching and eventually found a .pdf document on the Web for the Nortel Business Communications Manager 3.0. In this it listed the DHCP Options.

http://www.adchouston.com/bcm_documents/NA English/ipteleph.pdf

I also had another document emailed to me that was supposed to be a technical document regarding exactly this, it explained the logic but gave no specific DHCP options or syntax (

Ethereal is your friend here I think......

Andy

 

[keithja]

ADB100,

Hi, I was reviewing your configuration and have a couple of questions.

On the interfaces which have Nortel Phones connected to them (as well as PCs) wouldn't we need to tell the switch to trust the QOS tagging the phones do with a

mls qos trust DSPC?

And if so, does that command need to be executed on each interface between the phone and the server (IE the ingress side of the uplink ports)?

Finally, do you need to make any Queue changes or set up rate limiting?

Just wondering.
Thx,

ka

 

[ADB100]

Ahh QoS my favourite subject.......

If you want it nice and simple then yes, just trust DSCP on the interfaces and enable the expedite queue.

interface fasethernet0/1
mls qos trust dscp
priority-queue out


There are some differences in the DSCP values between what the Nortel IP Phones use and what Cisco IP Phones use. The Nortel Phones set DSCP 40 for signalling and 46 for RTP Media streams, whereas Cisco use DSCP 24/26 for signalling and 46 for media. By default both these DSCP values (40 & 46) will map to CoS 5 and therefore the expedite queue (if it is enabled). I would recommend that the signalling is mapped to a different queue, you can do this with the global config command 'mls qos map dscp-cos 40 3'.

There are LOTS of configuration and command differences for QoS between the various Cisco switches so you need to be careful. I would suggest the CiscoPress book by Tim Szigeti 'End-toEnd QoS Network Design: Quality of Service in LANs, WANs, and VPNs'. This takes a detailed look at how QoS can be implemented and talks heavily on classifying and policing ALL traffic, something that I would recommend due to the increasing abuse networks are subject to.

Good luck

Andy

 

[jonks]

ADB100.

Intresting post. I have been looking into running Cisco IP phones over a Nortel switched environment using NORTEL 5520 POE switches. This has been sucessful apart from a few issues with running both Voice and data vlans through one port. I have been using the untag pvid only command and this works although has not been as stable as i would like.

Have you had any experience of this.

 

[ADB100]

jonks

I have had no experience with running Cisco Phones over Nortel switches but the logic should be the same. It is recommended to use a different VLAN for voice although you don't have to. I have seen customers deploy voice on the same VLAN as their users so it works it just isn't the recommended way of doing it.

I am unsure what the 'utag pvid' command does on the Nortel switches, can you enlighten me?

Thanks

Andy

 

[jonks]

We have two VLANS one is data and is the default vlan PVID 1. The second is voice and is PVID 3.

OUr cisco phones are patched into our 5520 switches and are PC are patched into the Phones. The port is confiugred with the following VLAN information

eg. Phone is patched into port 7

Port 7 is memeber of vlan 1 and 3

port is set to untag pvid only and pvid is set to 1.

This means that all traffic from the phone is tagged with either the voice or data pvid. WHen it is received at the switch frames are untagged if they are a member of the default vlan and forwarded. It is very similar to cisco native vlan. Hope that makes sense.

 

[keithja]

Hi Andy,

Thanks a ton for your help. I am certainly going to get the book by Tim Szigeti. One final clarification, any of the uplink ports from the IP phone to the PBX will need the same QOS configuration as well, true?

IE for the scenario:

IP phone on port fa0/13 of wkgrpSW1
wkgrp SW1 Uplink-trunk Port Gi0/1 to BB1 trunk prt Gi1/0/22
BB1 port Gi1/0/20 trunk port to Telecom1 trunk port Gi0/1
Telecom1 fa0/5 to PBX

wkgrpSW1 fa0/13 and Gi0/1
BB1 Gi1/0/22 and Gi1/0/20
Telecom1 Gi0/1 and fa0/5

have the following commands applied:
(interface )
switchport access vlan 10 (Data VLAN - untagged)
switchport voice vlan 100 (Voice VLAN - tagged)
mls qos trust dscp
priority-queue out

(Global mode on each switch)
mls qos map dscp-cos 40 3

Thanks a ton Andy

 

[ADB100]

Hi

Yes all Access Ports (ones that you attach your IP Phones to) need the QoS settings you listed. Uplink ports that connect to routers or other switches also need QoS configuring, but again similar to what you have listed minus the 'switchport voice vlan' as they will normally be VLAN Trunk ports.

Instead of trusting the received DSCP values you could try writing a policy to re-classify the DSCP values to the Cisco AVVID Guidelines - have a look on CCO for 'Cisco IP Telephony Solution Reference Network Design (SRND)' This details the different DSCP values and what traffic should use what.

I would recommend a service policy that re-classifies as well as polices traffic within certain traffic 'profiles'. For example a G.711 conversation will typically take about 80Kbps of bandwidth If traffic that is recognised as a G.711 call is going beyond 80Kbps it is likely that this isn't a phone call and could be a hacker trying to take advantage of the Priority Queue. This traffic falls outside of the 'profile' and would be policed by an ingress service-policy on the access-port. A lot of this is detailed in the CiscoPress book I mentioned.

Good luck

Andy

 

[njgpeck]

I have an additional question for this group. I am implementing Nortel I2002/i2004 phones with Cisco 2950 Standard Image switches.

There is a feature on the Nortel Phone for Vlan, do I need to set this to my voice Vlan number? Each time I have tried I lose connection to the phone.

Phone system works great but can't seem to get the QOS to work on our network.

Thanks again for your help.